Vulmon
Recent vulnerabilities and exploits
9.8
CVSSv3
CVE-2016-10033
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property....
Phpmailer Project Phpmailer
Wordpress Wordpress
Joomla Joomla!
5 EDB exploits available
1 Metasploit module available
85 Github repositories available
2 Articles available
5.5
CVSSv3
CVE-2017-5223
An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a script-provided base...
Phpmailer Project Phpmailer
1 EDB exploit available
84 Github repositories available
9.8
CVSSv3
CVE-2016-10045
The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail...
Phpmailer Project Phpmailer
Wordpress Wordpress
Joomla Joomla!
2 EDB exploits available
1 Metasploit module available
86 Github repositories available
2 Articles available
NA
CVE-2022-24403
The TETRA TA61 identity encryption function internally uses a 64-bit value derived exclusively from the SCK (Class 2 networks) or CCK (Class 3 networks). The structure of TA61 allows for efficient recovery of this 64-bit value, allowing an adversary to encrypt or decrypt...
2 Articles available
8.8
CVE-2023-4362
Heap buffer overflow in Mojom IDL in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process and gained control of a WebUI process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)...
Google Chrome
Debian Debian Linux 11.0
Debian Debian Linux 12.0
6.1
CVE-2023-41642
Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealGimm 1.1.37p38 allow attackers to execute arbitrary Javascript in the context of a victim user's browser via a crafted payload injected into the VIEWSTATE...
Grupposcai Realgimm 1.1.37
1 Github repository available
5.4
CVE-2023-1861
The Limit Login Attempts WordPress plugin through 1.7.2 does not sanitize and escape usernames when outputting them back in the logs dashboard, which could allow any authenticated user, such as a subscriber, to perform Stored Cross-Site Scripting attacks...
Limit Login Attempts Project Limit Login Attempts
6.1
CVSSv3
CVE-2022-35416
H3C SSL VPN through 2022-07-10 allows wnm/login/login.json svpnlang cookie XSS....
H3c Ssl Vpn
7 Github repositories available
6.1
CVSSv3
CVE-2021-37216
QSAN Storage Manager header page parameters do not filter special characters. Remote attackers can inject JavaScript without logging in and launch reflected XSS attacks to access and modify specific data....
Qsan Xn8024r Firmware 3.1.5
Qsan Xn8008t Firmware 3.3.2
1 Github repository available
5.4
CVSSv3
CVE-2020-9016
Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header....
Dolibarr Dolibarr Erp/crm 11.0.0